- What is the purpose of forgot password?
- Why do companies give you a link to create a new password when you click forgot password?
- How does password reset link work?
- What are the test cases for forgot password?
What is the purpose of forgot password?
Most websites that require a user to log in provide a link titled "forgot password" or a similar phrase. This link lets users who have forgotten their password unlock, retrieve, or reset it, usually by answering account security questions or by receiving an e-mail.
Why do companies give you a link to create a new password when you click forgot password?
Because if a user can still log in to their account with the password they know, they know that an attacker hasn't used a password reset link to change their password. Password resets create noise.
How does password reset link work?
The typical password reset link is emailed to the user and contains a unique token that in some manner identifies the user. By clicking the link, the user proves they have access to the email address associated with the account, and has thereby authenticated using a second factor.
What are the test cases for forgot password?
Test Cases for Forgot Password
- Check that the forgot password link leads to the right page, i.e. the forgot password page.
- Verify that the link to change the password is sent only to the user's email ID.
- Verify that the security questions asked are the same as the ones that the user entered during sign-up.